RE: [OpenID] OpenID Extension to handle Emails Addresses?

2008-10-30 Thread Hallam-Baker, Phillip
The Internet has an identifier for users - it is their email address. Trying to teach users to use anything else is pointless. As far as I am concerned, we have a hierarchy of usability interests here: Users: They come first, their needs are paramount and trump all others. Authentication

RE: [OpenID] OpenID Extension to handle Emails Addresses?

2008-10-30 Thread Hallam-Baker, Phillip
PM To: Martin Atkins; Hallam-Baker, Phillip Cc: specs@openid.net; OpenID List Subject: RE: [OpenID] OpenID Extension to handle Emails Addresses? Verisign wants validation of id related to dns (and dnssec). Wonder why? As long as an op can verify the dns assurances and communicate them to the rp

RE: OpenID Email Discovery

2008-01-04 Thread Hallam-Baker, Phillip
AM To: Hallam-Baker, Phillip Cc: Eran Hammer-Lahav; OpenID specs list Subject: Re: OpenID Email Discovery On Jan 3, 2008, at 6:03 PM, Hallam-Baker, Phillip wrote: NAPTR is an ietf proposed standard but there is no deployed base. well, there certainly are deployed bases where i sit, since we

RE: OpenID Email Discovery

2008-01-04 Thread Hallam-Baker, Phillip
On the contrary, you require the SSL certificate to match the domain of the identifier being authenticated and the problem is solved. Alternatively you use a scheme such as SAML to perform the authentication which would provide more flexibility than a transport layer security model. One reason

RE: OpenID Email Discovery

2008-01-04 Thread Hallam-Baker, Phillip
You can use domain validated SSL certificates or DNSSEC here. Either is sufficient. There is no technology gap here. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Artur Bergman Sent: Friday, January 04, 2008 6:14 AM To: Trevor Johns Cc:

RE: OpenID Email Discovery

2008-01-03 Thread Hallam-Baker, Phillip
This is the function of the existing DNS SRV record. _openid.example.com SRV 1 1 1 1 openid1.example.com The Internet has an architecture already. Use it, don't try to reinvent it. From: [EMAIL PROTECTED] on behalf of Eran Hammer-Lahav Sent: Thu 03/01/2008

RE: Wiki page: Attempting to document the Email Address as OpenId debate.

2007-02-12 Thread Hallam-Baker, Phillip
I think that it is very important to remember that there are two separate identifier issues here: 1) What the user is expected to type. 2) The canonical representation used by the machines. In the pre-Mosaic Web browsers the URI simply did not appear in the primary chrome. Open URI was a

RE: [OpenID] Wiki page: Attempting to document the Email Address as OpenId debate.

2007-02-12 Thread Hallam-Baker, Phillip
The semantics of an identifier arise from its usage. It is of course entirely possible that someone might configure their system in such a way that the Kerberos principal [EMAIL PROTECTED] was different from the person with email address [EMAIL PROTECTED] was different from the person with

RE: [OpenID] Wiki page: Attempting to document the Email Address as OpenId debate.

2007-02-12 Thread Hallam-Baker, Phillip
Hallam-Baker, Phillip wrote: Over time everyone will own their own DNS domain and it will form the hub of their personal communications system. All communication modes will map onto the single unified communication identifier. I don't necessarily disagree with many of your

RE: Proposal: An anti-phishing compromise

2007-02-01 Thread Hallam-Baker, Phillip
I think that it is an excellent idea since it allows us to have it both ways. We can continue to offer backwards compatibility with legacy infrastructure without compromising the strength of the strongest schemes. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [OpenID] Announcing OpenID Authentication 2.0 - Implementor's Draft 11

2007-01-22 Thread Hallam-Baker, Phillip
[mailto:[EMAIL PROTECTED] On Behalf Of Ben Laurie More importantly, I think I have a solution that will make both of us happy, but I now have to go and ride my motorbike fast, so I'll detail it later. Now there is an exit line to tempt the Gods. The only way that I can see that you are

RE: [OpenID] Announcing OpenID Authentication 2.0 - Implementor's Draft 11

2007-01-22 Thread Hallam-Baker, Phillip
. That is an argument I made ten years ago. This is partly about correcting that original mistake. -Original Message- From: Ka-Ping Yee [mailto:[EMAIL PROTECTED] Sent: Monday, January 22, 2007 3:05 PM To: Hallam-Baker, Phillip Cc: James A. Donald; Ben Laurie; specs@openid.net; openid-general

RE: [OpenID] Opened IPR Policy Draft

2006-12-12 Thread Hallam-Baker, Phillip
The problem is not the people who contribute, it's the ones who never join the group or agree to any license because they never intend to make or sell anything. Align with the standards bodies, that way we have the option of going to a standards body later. I have been through the pain

RE: [OpenID] Opened IPR Policy Draft

2006-12-11 Thread Hallam-Baker, Phillip
Don't worry about the patent trolls there is only one way to stop them and that is not to have any money worth stealing. There are probably snots already reading the list archive so they can claim to have invented stuff. Someone claimed to have invented one IETF standard five years after the

RE: [OpenID] Opened IPR Policy Draft

2006-12-11 Thread Hallam-Baker, Phillip
work was stolen. -Original Message- From: Chris Messina [mailto:[EMAIL PROTECTED] Sent: Monday, December 11, 2006 9:51 PM To: Hallam-Baker, Phillip Cc: David Nicol; Gavin Baumanis; Martin Atkins; specs@openid.net; [EMAIL PROTECTED] Subject: Re: [OpenID] Opened IPR Policy Draft

RE: OpenID IPR Policy Draft

2006-12-07 Thread Hallam-Baker, Phillip
Why not just take the W3C IPR policy verbatim and change the organization name? The W3C patent policy is I believe released under creative commons for precisely this reason if not this can easily happen. The agreement was subscribed to by all the major vendors and the major open source groups.

RE: [PROPOSAL] Handle http://[EMAIL PROTECTED] Style Identifiers

2006-11-08 Thread Hallam-Baker, Phillip
Please don't use HTTP this way. That is not the semantics for http URLs. A better scheme would be to use mailto:[EMAIL PROTECTED] or to define openid:[EMAIL PROTECTED] There are two issues here: 1) The user presentation of the identifier 2) The machine presentation The two do not need to be

RE: [PROPOSAL] Handle http://[EMAIL PROTECTED] Style Identifiers

2006-11-08 Thread Hallam-Baker, Phillip
that the identity provider supports three different authentication protocols, SAML, a reduced SAML and OPENID. -Original Message- From: David Fuelling [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 08, 2006 1:56 PM To: Hallam-Baker, Phillip Cc: specs@openid.net; [EMAIL

RE: XRDS vs. DNS level identity (was RE: [PROPOSAL] Handle http://[EMAIL PROTECTED] Style Identifiers)

2006-11-08 Thread Hallam-Baker, Phillip
me a simple thing is too complex and then proposes to do the single hardest, most complex thing in computer networking I have concerns. -Original Message- From: Drummond Reed [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 08, 2006 7:42 PM To: Hallam-Baker, Phillip; Recordon, David

RE: XRDS vs. DNS level identity (was RE: [PROPOSAL] Handle http://[EMAIL PROTECTED] Style Identifiers)

2006-11-08 Thread Hallam-Baker, Phillip
: Thursday, November 09, 2006 2:05 AM To: Johannes Ernst Cc: Hallam-Baker, Phillip; specs@openid.net; general Subject: Re: XRDS vs. DNS level identity (was RE: [PROPOSAL] Handle http://[EMAIL PROTECTED] Style Identifiers) I agree with Johannes here. DNS is not user accessible (for good reason

RE: Making identities persistent?

2006-11-01 Thread Hallam-Baker, Phillip
If we want identities to be persistent then we are going to need to introduce a layer of indirection. This normally gets me worried about patents and such. Fortunately Multics did this, so did UNIX and VMS. Plenty of prior art. If we are serious about decentralization then map the user

RE: Making identities persistent?

2006-11-01 Thread Hallam-Baker, Phillip
I'm afraid I still don't get it. As far as I am concerned the authenticated identifier is the tuple: (Identity-provider-Id, Identifier) If we want to have a single identifier there has to be a mechanism for establishing the scope of authority for each IdP over a specific subset of

RE: [PROPOSAL] Handle http://[EMAIL PROTECTED] Style Identifiers

2006-10-23 Thread Hallam-Baker, Phillip
No, that is the work-around. The solution is to have the email client assign fonts according to who is writing. Messages from Lord Rees-Mogg are written in an elegant Edwardian Copperplate. Paris Hilton uses Broadway. Comments from Dick come in this font Sounds right to me. -Original

RE: [PROPOSAL] Handle http://[EMAIL PROTECTED] Style Identifiers

2006-10-19 Thread Hallam-Baker, Phillip
Back at the dawn of the Web I made the mistake of thinking that the address bar was the place you type a URI. We now know that it is the place you type a search term that may be a URL in canonical form or may be a domain name or may be a search term to be thrown at a search engine. It was one

RE: Delegation discussion summary

2006-10-13 Thread Hallam-Baker, Phillip
There is an established vocabulary, it should be used. Sent from my GoodLink Wireless Handheld (www.good.com) -Original Message- From: Recordon, David [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 12, 2006 09:04 PM Pacific Standard

RE: Identifier portability: the fundamental issue

2006-10-13 Thread Hallam-Baker, Phillip
We must have different understandings of the term sacred then. My understanding of the term is that it refers to a tenet of faith which might cause offense if contradicted. Sent from my GoodLink Wireless Handheld (www.good.com)